In a recent report published by StoreFrontBackTalk.com, a major unnamed retailer apparently lost their PCI compliance when moving data centres. This demonstrates just how important selecting the right data centre provider is and how important the PCI DSS compliance can be. PCI DSS version 2.0 is the global data security standard that any business of any size must adhere to in order to accept payment cards, and to store, process, and/or transmit cardholder data. It presents common-sense steps that mirror best security practices. Non-compliance may result in fines or worse.
No Visibility The unnamed US retailer had, understandably, taken the decision to outsource and use a purpose built colocation facility with all of the benefits that this brings but, of course, did not have visibility of what the data centre provider was doing. In this case, a network change made for good technical reasons and with the best intentions, caused the data centre provider to place the retailer in a position of non-compliance. So serious was this that a conference call took place between the retailer, its acquiring back and card issuers just to discuss how this non-compliance should be reported. The full story is here: <a href="https://storefrontbacktalk.com/securityfraud/how-a-major-chain-lost-pci-compliance-when-a-t be compromised?
Check the Scope PCI DSS is one of the security standards that are important to consider when selecting a colocation provider. This, combined with ISO 27001, is one the most important considerations, but as with PCI DSS be careful about what it means. Check the scope – if the data centre provider has scoped only their HR systems in order to gain ISO 27001 compliance, it is of absolutely no value to you what-so-ever.